Notes about set-gid and sticky bits for directories

I can never remember how the set-gid and sticky bits work on directories, so I finally spent some time to re-read man (but had to resort to info) about chmod. This is my cheat sheet.


Setgid (octal permission 2000) makes new files in the directory owned by the group that owns the directory. This is very useful for teams.

How to set

chmod g+s thisdir
chmod 2770 thisdir

How to clear

chmod g-s thisdir
chmod 00770 thisdir

sticky bit, or restricted deletion

Sticky bit (octal permission 1000) on a directory prevents Bob from deleting a file owned by Alice. Even if the directory is owned by one of Bob’s groups and is writable, Bob cannot delete the Alice’s files. This is particulary helpful for the /tmp directory. Check it out:

$ ls -lad /tmp
drwxrwxrwt. 4 root root 120 Jan 23 09:40 /tmp

How to set sticky bit

chmod a+t thisdir
chmod 1770 thisdir

How to clear

chmod a-t thisdir
chmod 00770 thisdir

According to info coreutils chapter 27.4, “Directories and the Set-User-ID and Set-Group-ID Bits,” gnu chmod needs a 5-digit octal to clear this bit.
Basically, if it’s worth setting set-gid, you should throw in sticky bit.

chmod 03770 thisdir

Smarter way to use df on GNU/Linux

To hide all the cruft, you can exclude the filesystem types. I learned df on AIX UNIX, so I never bothered to read the man page for gnu df.

df -PBM -xtmpfs -xdevtmpfs



List current xvnc sessions in xrdp so you can reconnect to your old one


{ echo "user pid Xdisplay port"; { ps -ef | awk '/Xvnc :[[:digit:]]+/ {print $1,$2,$9}' | while read tu tpid tvnc; do sudo netstat -tlpn | awk -v "tpid=${tpid}" '$0 ~ tpid {print $4;}' | sed -r -e 's/^.*://;' -e "s/^/${tu} ${tpid} ${tvnc} /;" ; done ; } | sort -k3 ; } | column -c4 -t

The story

I connected to a gnome session on a terminal server, and disconnected. I wanted to reconnect to my current session, but apparently I got a new X session. After some research, I learned you can configure xrdp to prompt for the port number so you can get back to the previous session. However, then you have to know what to type in. After doing a manual ps and netstat, I found some useful numbers. What I needed to enter was the tcp port number, so 5919.

The explanation

You can have an entry in the /etc/xrdp/xrdp.ini file like the following block.


When you connect over RDP, select the “Reconnect” module and type in a port number, which you can find from the output of the oneliner.

{ echo "user pid Xdisplay port"; { ps -ef | awk '/Xvnc :[[:digit:]]+/ {print $1,$2,$9}' | while read tu tpid tvnc; do sudo netstat -tlpn | awk -v "tpid=${tpid}" '$0 ~ tpid {print $4;}' | sed -r -e 's/^.*://;' -e "s/^/${tu} ${tpid} ${tvnc} /;" ; done ; } | sort -k3 ; } | column -c4 -t
user       pid    Xdisplay  port
mjohnso    11448  :17       5917
mjohnso    12939  :18       5918
bgstack15  1219   :19       5919




Check if network port is open

On the local system, check if something is listening to the port:

netstat -tlpn

On a remote system, you can use telnet or ncat to check to see if you can actually get to the port:

echo '' | telnet myserver 1054

If successful, telnet returns ‘Connected to myserver’ before closing out.

echo '' | nc -v myserver 1054
$ echo '' | nc -v myserver 1054
Ncat: Version 6.40 ( )
Ncat: Connected to
$ echo '' | nc -v myserver 1055
Ncat: Version 6.40 ( )
Ncat: No route to host.

Pretty print json in python

For python2

I wanted to show what variables are in use in a function, and I wanted to see it in a nicer format than a really long, single line.

import inspect, json
def function():
print json.dumps(locals(),indent=3,separators=(',',': '))


To view what parameters were passed in to a function, add these.

def caller_args():
   frame = inspect.currentframe()
   outer_frames = inspect.getouterframes(frame)
   caller_frame = outer_frames[1][0]
   return inspect.getargvalues(caller_frame)

def function():
print caller_args()


  2. compact encoding